In this post of the Month of Bugs in Captchas we continue our discussion of one of the project's previous participants: Cryptographp. It is a captcha plugin for WordPress. The vulnerable version is Cryptographp 1.2 (and previous versions).

In addition to Insufficient Anti-automation, this captcha is also vulnerable to XSS (like Math Comment Spam Protection). I found these Cross-Site Scripting holes on 22.11.2007.